BIP 151 use of HMAC_SHA512



Summary:

HMAC (Hash-based Message Authentication Code) has a proven security property: it remains secure even when the underlying cryptographic hash function has weaknesses in its collision resistance. Although MD5 is now considered completely insecure, HMAC-MD5 is still considered secure. It is recommended to use HMAC for a MAC (Message Authentication Code) rather than a custom construction. In a conversation between Rusty Russell and Jonas Schnelli, it was suggested that SHA512_HMAC be used in a mix instead of just SHA256_HMAC, because it is used by BIP32 and most clients will make use of BIP32 features. However, Rusty argues that this may be unnecessarily painful. SHA256_HMAC is not currently used by the p2p and consensus layer, but it is used for HTTP RPC auth and Tor control in Bitcoin Core. Rusty also questions the use of HMAC over just SHA256. Xuesong (Arthur) Chen, a Senior Principal Engineer and Blockchain Technologist at BTCC, initiated the conversation.
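The trade-off discussed above, as an added example (not code from the thread, BIP 151, or Bitcoin Core): BIP32's master key generation splits one HMAC-SHA512 output into two 32-byte values, while a SHA256-only design needs one HMAC call per value. The seed is BIP32 test vector 1; the labels `key-1` and `key-2` and all function names are hypothetical.

```python
import hashlib
import hmac


def split_hmac_sha512(key, msg):
    """One HMAC-SHA512 call yields 64 bytes, returned as two 32-byte halves."""
    digest = hmac.new(key, msg, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def bip32_master(seed):
    """BIP32 master key generation: I = HMAC-SHA512(key="Bitcoin seed", data=seed).

    The left half is the master secret key, the right half the chain code.
    """
    return split_hmac_sha512(b"Bitcoin seed", seed)


def derive_two_keys_sha256(secret):
    """SHA256-only variant: two HMAC-SHA256 calls with distinct labels.

    The labels are hypothetical; they only need to differ so the keys differ.
    """
    k1 = hmac.new(secret, b"key-1", hashlib.sha256).digest()
    k2 = hmac.new(secret, b"key-2", hashlib.sha256).digest()
    return k1, k2


def make_tag(key, msg):
    """Standard HMAC-SHA256 tag instead of a custom hash(key, msg) construction."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_tag(key, msg, tag):
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, msg), tag)


if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # BIP32 test vector 1
    secret_key, chain_code = bip32_master(seed)
    print("master secret key:", secret_key.hex())
    print("chain code:       ", chain_code.hex())

    shared = b"\x11" * 32  # constructed sample secret
    k1, k2 = derive_two_keys_sha256(shared)
    tag = make_tag(k1, b"constructed message")
    print("tag verifies:", verify_tag(k1, b"constructed message", tag))
    print("tampered message verifies:", verify_tag(k1, b"constructed messagE", tag))
```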


Updated on: 2023-06-11T18:52:42.735152+00:00